Date: Tue, 16 Apr 2002 08:28:06 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: saign <saign@tfb.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Message-ID: <3CBC4306.2070009@tenebras.com> References: <200204161504.g3GF4aZ08740@cluster2.tfb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
saign wrote:
> After reading the man page for dummynet, I\'m confused!
>
> xeon# ipfw pipe 1 config bw 384Kbit/s
> xeon# ipfw pipe 2 config bw 384Kbit/s
> xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out
> 00400 pipe 1 ip from 192.168.1.19 to any out
> xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in
> 00450 pipe 2 ip from any to 192.168.1.19 in
>
> xeon# ipfw show
> 00050 827195 473961009 divert 8668 ip from any to any via fxp0
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 pipe 1 ip from 192.168.1.19 to any out
> 00450 4283 4567749 pipe 2 ip from any to 192.168.1.19 in
Two points:
1)
it's helpful to specify an interface, since all packets
headed for 192.168.1.19 are seen both inbound and outbound
2)
if by the second pipe rule you intend to limit outbound (upstream)
traffic, remember that after being passed through natd,
the address will not match 192.168.1.19
Let's suppose that ${oif} is the "outside" interface, and ${iif} is
the inside interface. I believe you want (caveat: caffeine deficient)
ipfw add pipe 1 from 192.168.1.19 to any in recv ${iif}
ipfw add pipe 2 from any to 192.168.1.18 out xmit ${iif}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CBC4306.2070009>